'Mora_001' RW gang exploiting Fortinet bug spotlighted by CISA in January but Announed the intrusion in recent days

[NextGenPentesters]

There are rumors that the Mora_001 gang has ties to the LockBit RW but this is another guess, not a fact.
However they have successfully exploited CVE-2024-55591 and CVE-2025-24472.
There were series of intrusions that began with the exploitation of the bugs — which impact Fortigate firewall appliances — and culminated in the deployment of a newly discovered ransomware strain they dubbed SuperBlack!
LockBit was one of the most devastating ransomware gangs before an international law enforcement operation shuttered many of the tools and systems the operators used. But Mora_001 “leveraged the leaked LockBit builder, modifying the ransom note structure by removing LockBit branding, and employing their own exfiltration tool.

 

[Horse_whith_big_balls]

кажется только ленивый не эксплуатировал эти цве)

 

[NextGenPentesters]

It seems that only the lazy ones did not exploit these flowers)

You call those dangerous hackers "lazy". No bro, i think they did great thing.

 

[Trax]

Interesting analysis bro, the focus on Fortigate vulns and the modified LB builder suggests a good level of technical skills in my opinion. i'm curious about the specific modifications made to the exfil tool. any public info about this?

 

[NextGenPentesters]

Interesting analysis bro, the focus on Fortigate vulns and the modified LB builder suggests a good level of technical skills in my opinion. i'm curious about the specific modifications made to the exfil tool. any public info about this?

Yes dude, these hackers that copy attacks from lockbit and their breach is confirmed, are really professional!

Just search "Mora_001 gang" in internet ans get more details. They got what they wanted, "get their gang name on internet"

Thanks for your attention.